AI agents in HubSpot: security, data protection and responsibility clearly regulated - and which LLM is behind it?

What actually happens to our data?

In this article, we show what happens to data with HubSpot AI agents, how data protection and security are guaranteed and why this approach differs significantly from public AI tools such as ChatGPT, Google Gemini, etc.

What are AI agents in HubSpot - briefly classified

AI agents in HubSpot are not open chatbots or freely acting systems. They are process-bound, company-specific AI functions that support or automate tasks in marketing, sales and service.

Important here:

• They work contextually
• They are embedded in business processes
• They are subject to clear rules, roles and authorizations

AI in HubSpot is therefore not an experiment, but part of the enterprise architecture.

How HubSpot AI agents work - explained at business level

Today's customers expect instant responses, personalized experiences and 24/7 availability - across all channels. This is exactly where HubSpot comes in with the new Breeze Customer Agent, an intelligent AI-supported chatbot that does much more than traditional support automation.

1 AI models in the background - and where the real added value lies

HubSpot does not develop its own Large Language Model (LLM). Instead, HubSpot uses powerful AI models from external providers, such as OpenAI or Google. However, the crucial point is not which model is used, but how this model is used. HubSpot embeds these AI models in its own security, data and governance layer.

2 What data is used by AI agents?

When an AI agent works in HubSpot, the following happens:

• Only the data that is necessary for the specific task is used.
• The data comes from
  • the HubSpot CRM
  • Connected knowledge bases (e.g. help center, shared documents)
  • Explicitly permitted sources

There is no blanket or uncontrolled data access.

3. is this data stored with external AI models?

Accuracy is crucial here. According to the data protection and contractual principles communicated by HubSpot:

• The data is transmitted temporarily for processing
• It is not stored permanently
• It is not used for training the AI models

In this context, the external AI models serve as a computing instance, not as data storage.

Put simply, the AI processes information in order to fulfill a task. It does not build up its own memory about a company, customers or contacts.

4. does the data remain under the control of the company?

Yes, clearly regulated in legal and organizational terms:

• The company remains responsible for the data.
• HubSpot acts as a processor.
• Data is processed for a specific purpose.
• Access, use and protection are contractually defined.

The AI agents are not a separate system, but an integral part of the HubSpot platform, with the same security and data protection mechanisms as CRM, marketing, service or CMS.

Data protection with HubSpot AI agents - clearly explained

The General Data Protection Regulation does not stipulate which tools may be used, but how personal data must be processed.

For companies, this means

• Transparency about where data is stored
• Clarity about who processes it
• Control over the purpose for which it is used

HubSpot ensures that:

• Data is only processed on behalf of the company
• roles and responsibilities are clearly defined
• suitable technical and organizational protective measures are in place
• international data processing is contractually secured

These principles apply platform-wide and therefore also for AI agents. AI in HubSpot is not a special case, but part of the same data protection and security logic.

In short: Anyone who uses HubSpot in compliance with data protection regulations also uses the AI agents within this framework.

Why AI in HubSpot is different from a normal ChatGPT or Gemini account

Many teams today use AI via private ChatGPT accounts, public Google Gemini accounts or individual, non-centrally controlled AI tools. An objective classification is important here.

Public AI tools (consumer use)

• Use is subject to the respective terms of use of the provider.
• Depending on the version, account type and settings, content can be saved, analyzed or used to improve models.
• There is no company-wide governance.
• There is no central control over which data is entered.
• There is often no clear separation between business and private use.

For organizations, this often means a lack of transparency, a lack of control and legal uncertainties.

AI agents within HubSpot

• AI is integrated into an enterprise platform.
• There are clear contractual regulations on data processing.
• Customer data is not used for AI training.
• Used exclusively in the defined business context.
• Central control, documentation and traceability are possible.

The difference lies not in the intelligence of the AI, but in security, responsibility and governance.

Conclusion

Artificial intelligence does not develop its real added value where it is at its freest, but where it is managed, controlled and used responsibly.

HubSpot AI agents make exactly that possible:

• Productive AI in everyday life
• without loss of control over data
• without legal gray areas
• without shadow IT

For the management of a company, the use of AI should not be a detailed technical question, but a strategic management decision.

Get into the topic now

Have you already thought about how you could use AI agents in your organization in an initial pilot project? Then talk to us. We will be happy to show you the possibilities in marketing, sales and service based on specific customer use cases and how you can take data protection and security into account. Either way, we look forward to discussing our current favorite topic with you.